Anonymous Hacks Back at Cybercrime Investigators

The Antisec wing of Anonymous has come out with another document release in its ongoing assault on law enforcement.

Antisec anons, who specialize in hacks that show the net’s vulnerabilities, gained access to the Gmail/Google account of one “Fred Baclagan.” Baclagan appears to be San Diego-based Alfredo Baclagan, a retired supervisor of the multi-agency Computer and Technology Crime Hightech Response Team. “CATCH” specializes in cybercrime investigation in the San Diego, Imperial Valley, and Riverside counties of southern California. They released a purported 38,000 emails from two accounts of Baclagan’s as a 581 MB torrent.

The video announcement opens with the computer voice intoning ”Greetings Pirates, and welcome to another exciting Fuck FBI Friday release.” Though not directly an attack on the FBI, this release may be the most consequential for computer crime investigators since the hack of HBGary Federal, and particularly their CEO Aaron Barr, who had raised Anonymous’ ire by claiming to the Financial Times he’d uncovered the leadership of Anonymous.

While Anonymous had fun with Baclagan’s personal information, and even claimed to purchased camera equipment for him using his Google wallet, the most important consequences of this release may be the archives of the International Association of Computer Investigation Specialists mailing list archive. That mailing list includes conversation threads from forensic experts around the world discussing investigations, techniques, and how to counter different legal defense tactics.

For instance, the e-mails detail how various companies have responded to law enforcement requests, as in this excerpt from 2009:

Subject: [iacis-l] Re: AT&T SMS Retention Time
I recently found out Verizon preserves text message content on their servers for 3-5 days which can be produced upon a search warrant. I then followed up with the other major providers in my area and found Sprint stores their text message content going back 12 days and Nextel content for 7 days. AT&T/Cingular do not preserve content at all. Us Cellular: 3-5 days Boost Mobile LLC: 7 days
Detective Rich Peacock
Baltimore County Police Department
Vice / Narcotics Section

Wireless providers generally only share this information with law enforcement, but much of their data retention practices were made public in September, thanks to open government requests from the ACLU.

An Anon claiming to be associated with the action said they’d had control of Baclagan’s account for a few weeks, and had been “looking through his data to see if any further exploitation was possible” before the release.

The same Anonymous participant went on to say this attack differed from last month’s law enforcement hack, which was in retribution for crackdowns on Occupy Wall Street protests. This hack was more focused on prosecution of computer crime in general. Specifically, Anonymous was seeking payback for Anons charged for using the Low Orbit Ion Canon, a voluntary denial-of-service tool used last year to protest Visa, Paypal and Mastercard’s decisions to cut off donations to Wikileaks.

LOIC is a point-and-click piece of software that bombards a targeted website with useless traffic. However, the tool does nothing to disguise the source of the traffic, making it trivial for law enforcement to trace the source of the rogue traffic. So if a unsophisticated user used LOIC from their home connection, rather than from an open connection at a café, they could easily be arrested.

And that’s exactly what seems to have happened with the attacks on PayPal, where the FBI arrested a number of anon peons, based on information in PayPal’s server logs.

That’s the theme of this attack on Baclagan, the anon said on IRC.

“It was a blow against white hat sellouts, and also specifically the CA DOJ, which is also prosecuting our anonymous comrades in San Jose for the paypal loic attacks,” said the anon on IRC.

Baclagan did not respond to a voicemail message left by Wired Friday evening.